Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

GRE/IPSec Tunnel Help!!!

We have some routers that are going over a GRE tunnel and have IPSec encryption. THis is done over a 3G line. We were experiencing problems with certain applications being slow and changed the mtu size from 1514 to 1420. This improved the connection to our applications but now they are having issues getting to certain internet sites. Has anyone seen this issue before? Is there a fix to it?

This is our tunnel config...

interface Tunnel0

ip address 10.10.5.6 255.255.255.252

ip tcp adjust-mss 1420

tunnel source Cellular0/1/0

tunnel destination 68.16.91.195

tunnel path-mtu-discovery

!

3 REPLIES
Cisco Employee

Re: GRE/IPSec Tunnel Help!!!

Hello,

Can you be more specific about the "issues getting to certain internet sites"? Do you suspect your packets getting lost? Is the connection still slow? Can you perhaps identify some technical issue that you believe to be related to the cause of your problem?

Best regards,

Peter

New Member

Re: GRE/IPSec Tunnel Help!!!

ip tcp adjust-mss 1360

On the Cellular0/1/0 interface.

I had a similar issue and this helped.

Hall of Fame Super Silver

Re: GRE/IPSec Tunnel Help!!!

Hello Dennis,

I agree with Brent you need to reduce further TCP MSS 1420 doesn't reflect all your encapsulation overheads (GRE 24 Bytes and IPSEC (variable depending if using tunnel mode or not) and 40 bytes IPv4 + TCP headers)

Hope to help

Giuseppe

191
Views
0
Helpful
3
Replies